Tail calls end protectors too early

[RalfJung]

In a tail call, before_stack_pop gets called before the stack frame is replaced with that of the new function. This ends the corresponding protectors in Miri, which is premature: they should instead be carried over to the new stack frame, and only ended when we return back to the caller.

This affects both protection of function arguments and, perhaps even more relevant, the return place.

Currently it is hard to write a test case since custom MIR does not yet support tail calls (support is being added in rust-lang/rust#128688).

[RalfJung]

Ah, actually it seems like we do handle this properly for the return place -- a new protector gets created for the same return place again.

However, function arguments do not get re-protected unless they are passed to the new function. So there's a question here whether the scope of a "noalias" function argument extends until just before a tail call, or until after the tail call returns.

[RalfJung]

Closing in favor of rust-lang/unsafe-code-guidelines#523.